International Bureau (PCT Rule 17.2(a)).

DETAILED ACTION



1. The response of 6/6/2007 was received and considered.



2. Claims 1-11 & 13-35 are pending.



Allowable Subject Matter 



3. Claims 1-11 & 13-35 are allowed.



4. The following is an examiner's statement of reasons for allowance:



Regarding claim 1, Sandhu discloses encapsulating security mechanism application 
specific information/permissions for each security mechanism/permission (p. 122, §5), wherein 
encapsulating includes forming a key/ability for each security mechanism/permission, 
combining keys/abilities to form key chains/abilities, encapsulating key chains/abilities as 
keys/abilities (p. 122, §5) and passing the key chain keys/abilities to another semantic layer/UP-Roles
(p. 122, §5), defining the security policy/UP-Roles (p. 122, §5), wherein defining includes
forming key chains from keys/abilities and associating users with key chains/abilities (p. 122, 
§5), translating the security policy/UP-Roles and exporting the translated security policy to the 
security mechanisms, and enforcing the security policy via the security mechanisms (p. 107, 5 &
Fig. 1).

Regarding claim 6, Sandhu discloses a plurality of security mechanisms/permissions, a
plurality of semantic layers (UP-Roles, abilities, permissions) (p. 122, §5), wherein the first
semantic layer combines keys/abilities, wherein each key encapsulates security mechanism
application specific information for a security mechanism (permissions for resources) (p. 122,
§5), wherein in multiple layers, keys are combined into key chains and exported to another
semantic layer (permissions combined into abilities, abilities combined into additional abilities, 
combination abilities combined into UP-Roles). Crall discloses an "Authorization Server", which 
employs an interface to make it easy for administrators to manage users (p. 874). In disclosing 
the physical implementation that Sandhu lacks, Crall further discloses that authorization checks 
result from the security mechanisms/authorization mechanisms (p. 876, §2.4) when changes 
are made, translation occurs to keep the authorization database up to date (p. 878, 1). 

Regarding claim 11, Sandhu discloses a model comprising one or more semantic 
layers/roles for defining different security policies (p. 122, §5) and constraints (p. 108, 1) for 
each type of user. Crall discloses an "Authorization Server", which employs an interface to 
make it easy for administrators to manage users (p. 874). In disclosing the physical 
implementation that Sandhu lacks, Crall further discloses that authorization checks result from 
the security mechanisms/authorization mechanisms (p. 876, §2.4) when changes are made, 
translation occurs to keep the authorization database up to date (p. 878, 1). 

However, regarding claims 1-5 & 32, the prior art of record fails to teach or disclose, 
either alone or in combination, the encapsulating and combining of keys/key chains with an 
application layer, a semantic layer and a local policy layer, in combination with the remaining 
elements of the claim(s). 

Regarding claim 6-10, the prior art of record fails to teach or disclose, either alone or in 
combination, wherein the model includes an application layer to encapsulate a security 
mechanism into a key and a local policy layer to associate a user to a key, in combination with
the other elements of the claim(s). 

Regarding claims 11 & 13, the prior art of record fails to teach or disclose, alone or in 
combination, a static application policy layer, two or more semantic policy layers, and a 
dynamic local policy layer, in combination with the other elements of the claim(s). 

Regarding claims 14-21 & 33, the prior art of record fails to teach or disclose, either 
alone or in combination, an application policy layer, a first semantic policy layer, a second 
semantic policy layer and a local policy layer, in combination with the other elements of the 
claim(s). 

Regarding claims 22-30 & 34, the prior art of record fails to teach or disclose, alone or in 
combination, a static application policy layer, a semantic policy layer and a dynamic local policy 
layer, in combination with the other elements of the claim(s). 

Regarding claims 31 & 35, the prior art of record fails to teach or disclose, alone or in 
combination, a static application policy layer, a semantic policy layer and a dynamic local policy 
layer, in combination with the other elements of the claim(s). 

5. Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany the 
issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for
Allowance."



Conclusion 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Michael J. Simitoski whose telephone number is (571) 272-3841.
The examiner can normally be reached on Monday - Thursday, 6:45 a.m. - 4:15 p.m.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



August 6, 2007 

MJS 

/MJS/ 




